Re: [edk2-devel] [PATCH v1 0/4] Don't require self-signed PK in setup mode

Sun, 22 Jan 2023 22:14:07 -0800 

Hi Sean
I would like to hear your feedback, since it is a little different from the 
original MSFT patch.

Would you please take a look?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Jan Bobek <jbo...@nvidia.com>
> Sent: Saturday, January 21, 2023 6:59 AM
> To: devel@edk2.groups.io
> Cc: Jan Bobek <jbo...@nvidia.com>; Laszlo Ersek <ler...@redhat.com>; Yao,
> Jiewen <jiewen....@intel.com>
> Subject: [PATCH v1 0/4] Don't require self-signed PK in setup mode
> 
> Hi all,
> 
> I'm sending out v1 of my patch series that addresses a UEFI spec
> non-compliance when enrolling PK in setup mode. Additional info can be
> found in bugzilla [1]; the changes are split into 4 patches as
> suggested by Laszlo Ersek in comment #4.
> 
> I've based my work on the patch by Matthew Carlson; I've credited him
> with co-authorship of the first patch even though in the end I decided
> to do the implementation a bit differently.
> 
> Comments & reviews welcome!
> 
> Cheers,
> -Jan
> 
> References:
> 1. https://bugzilla.tianocore.org/show_bug.cgi?id=2506
> 
> Jan Bobek (4):
>   SecurityPkg: limit verification of enrolled PK in setup mode
>   OvmfPkg: require self-signed PK when secure boot is enabled
>   ArmVirtPkg: require self-signed PK when secure boot is enabled
>   SecurityPkg: don't require PK to be self-signed by default
> 
>  SecurityPkg/SecurityPkg.dec                             | 7 +++++++
>  ArmVirtPkg/ArmVirtCloudHv.dsc                           | 4 ++++
>  ArmVirtPkg/ArmVirtQemu.dsc                              | 4 ++++
>  ArmVirtPkg/ArmVirtQemuKernel.dsc                        | 4 ++++
>  OvmfPkg/Bhyve/BhyveX64.dsc                              | 3 +++
>  OvmfPkg/CloudHv/CloudHvX64.dsc                          | 3 +++
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc                        | 3 +++
>  OvmfPkg/Microvm/MicrovmX64.dsc                          | 3 +++
>  OvmfPkg/OvmfPkgIa32.dsc                                 | 3 +++
>  OvmfPkg/OvmfPkgIa32X64.dsc                              | 3 +++
>  OvmfPkg/OvmfPkgX64.dsc                                  | 3 +++
>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 3 +++
>  SecurityPkg/Library/AuthVariableLib/AuthService.c       | 9 +++++++--
>  13 files changed, 50 insertions(+), 2 deletions(-)
> 
> --
> 2.30.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#98957): https://edk2.groups.io/g/devel/message/98957
Mute This Topic: https://groups.io/mt/96412382/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to